CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.93 High
EPSS Percentile: 99.0%
Added: 08/22/2008
CVE: CVE-2008-3558
BID: 30578
OSVDB: 47344
The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting.
A buffer overflow vulnerability in the **atucfobj.dll** ActiveX control allows command execution when a user loads a web page which calls the **NewObject** method with a specially crafted parameter.
Remove the WebEx Meeting Manager. A fixed version will be installed the next time a user starts or joins a meeting hosted by a WebEx server running a fixed software version.
<http://archives.neohapsis.com/archives/fulldisclosure/2008-08/0084.html>
<http://www.cisco.com/warp/public/707/cisco-sa-20080814-webex.shtml>
Exploit works on WebEx Meeting Manager 20.2008.2601.4928 and requires a user to load the exploit page in Internet Explorer.
Windows